worker_processes 1;
daemon off;

error_log <%= sandbox_root %>/director_nginx.error.log;

events { }

http {
  access_log <%= sandbox_root %>/director_nginx.access.log;

  client_max_body_size 5G;

  server_names_hash_max_size     512;
  server_names_hash_bucket_size  64;

  upstream director {
    server localhost:<%= director_ruby_port %>;
  }

  upstream uaa {
    server localhost:<%= uaa_port %>;
  }

  server {
    listen <%= nginx_port %> ssl;

    ssl_certificate     <%= ssl_cert_path %>;
    ssl_certificate_key <%= ssl_cert_key_path %>;
    ssl_session_timeout 7200;
    ssl_prefer_server_ciphers On;
    ssl_protocols TLSv1.2;
    ssl_ciphers DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK;

    proxy_set_header    X-BOSH-UPLOAD-REQUEST-TIME $request_time;
    proxy_set_header    X-Sendfile-Type            X-Accel-Redirect;
    proxy_set_header    X-Accel-Mapping            /=/x_accel_files/;
    proxy_set_header    Host                       $host;
    proxy_set_header    X-Real-IP                  $remote_addr;
    proxy_set_header    X-Forwarded-For            $proxy_add_x_forwarded_for;
    proxy_set_header    X-Forwarded-Proto          $scheme;

    proxy_max_temp_file_size 0;

    location /x_accel_files/ {
      internal;
      alias /;
    }

    location / {
      proxy_pass http://director;

      if ($content_type = "application/x-compressed") {
        more_set_input_headers "Content-Disposition: attachment";

        # Pass altered request body to this location
        upload_pass @director_upload;

        upload_resumable on;

        # Store files to this directory
        upload_store <%= sandbox_root %>;

        # Allow uploaded files to be read only by user
        upload_store_access user:r;

        # Set specified fields in request body
        upload_set_form_field "nginx_upload_path" $upload_tmp_path;

        # On any error, delete uploaded files.
        upload_cleanup 400-505;
      }
    }

    location @director_upload {
      proxy_pass http://director;
    }

    location /uaa {
      proxy_pass http://uaa;
    }
  }
}
